Mercurial > kallithea
view docs/usage/debugging.rst @ 5875:abc1ada59076
notifications: untangle notification access check
This removes a broken permission check when viewing notifications (the
HasRepoPermissionAny object was created, but never actually called with
a repo_name argument as required). It would be non-trivial to actually
implement the check, as notifications don't track their repository
relationship explicitly, and even then, it's unclear why it would
make sense to allow a repository admin to see notifications to
other users.
It was never a vulnerability, due to a subsequent (and much stricter)
ownership check, which remains but has been untangled for readability.
In short, this changeset is a pure refactoring, except that specifying
a non-existent notification ID will now produce error 404, not 403.
| author | Søren Løvborg <sorenl@unity3d.com> |
|---|---|
| date | Tue, 19 Apr 2016 18:03:30 +0200 |
| parents | 87ac42db389c |
| children |
line wrap: on
line source
.. _debugging: =================== Debugging Kallithea =================== If you encounter problems with Kallithea, here are some instructions on how to debug them. .. note:: First make sure you're using the latest version available. Enable detailed debug --------------------- Kallithea uses the standard Python ``logging`` module to log its output. By default only loggers with ``INFO`` level are displayed. To enable full output change ``level = DEBUG`` for all logging handlers in the currently used .ini file. This change will allow you to see much more detailed output in the log file or console. This generally helps a lot to track issues. Enable interactive debug mode ----------------------------- To enable interactive debug mode simply comment out ``set debug = false`` in the .ini file. This will trigger an interactive debugger each time there is an error in the browser, or send a http link if an error occurred in the backend. This is a great tool for fast debugging as you get a handy Python console right in the web view. .. warning:: NEVER ENABLE THIS ON PRODUCTION! The interactive console can be a serious security threat to your system.